No Safety without Security on the IoT

We have reached the stage in the evolution of the Internet of Things (IoT) where two independent processes have become self-sustaining. The first—the creative process—has begun to uncover genuinely compelling applications. Beyond $40 internet lightbulbs, in-refrigerator Webcams, and toothbrushes with smartphone apps, systems developers are starting to see—and to prototype—applications at the convergence of smart sensing, cloud-based analytics, and distributed control. These applications promise unprecedented returns for their users.

But at the same time a second process—a more skeptical one—is gathering momentum. In this process, hackers, security experts, and safety engineers are watching with growing alarm as control systems with the potential to do great harm are drawn out across connected hubs, the Internet, and public clouds, creating an enormous attack surface. Exploits that can seize control of cars, incinerate houses, or bypass the safety interlocks of nuclear reactors can in theory be staged against any vulnerable link in these newly distributed systems.